Bio

I am a PhD student at MIT in the PDOS group. I’m interested in formal verification, systems, security, and machine learning.

In the past, I’ve been an undergraduate at MIT, and I’ve interned at OpenAI, Dropbox, Google, and ORNL. During undergrad, I co-founded Code for Good and helped run HackMIT.

Publications

1. Verifying Hardware Security Modules with Information-Preserving Refinement

   Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

   16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2022).

   Code [Knox framework, HSMs], Talk, Slides [pdf, key], Poster

2. Pervasive Label Errors in Test Sets Destabilize Machine Learning Benchmarks

   Curtis G. Northcutt, Anish Athalye, and Jonas Mueller.

   35th Conference on Neural Information Processing Systems (NeurIPS 2021)
   Track on Datasets and Benchmarks.

   Demo, Code, Blog Post, Press [1, 2, 3, …4, 5, 6, 7, 8, 9, 10, 11]

3. Notary: A Device for Secure Transaction Approval

   Anish Athalye, Adam Belay, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.

   27th ACM Symposium on Operating Systems Principles (SOSP 2019).

   Code, Talk, Slides, Poster, Articles [;login:, GetMobile]

4. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

   Anish Athalye*, Nicholas Carlini*, and David Wagner.

   35th International Conference on Machine Learning (ICML 2018).

   (Best Paper Award)

   Code, Poster, Press [1, 2]

5. Synthesizing Robust Adversarial Examples

   Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, and Kevin Kwok.

   35th International Conference on Machine Learning (ICML 2018).

   Blog Posts [1, 2], Slides [pdf, key], Poster, Press [1, 2, 3, …4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]

6. Black-box Adversarial Attacks with Limited Queries and Information

   Andrew Ilyas*, Logan Engstrom*, Anish Athalye*, and Jessy Lin*.

   35th International Conference on Machine Learning (ICML 2018).

   Code, Blog Posts [1, 2], Poster, Press [1, 2, 3, …4, 5, 6, 7, 8, 9]

7. pASSWORD tYPOS and How to Correct Them Securely

   Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, and Thomas Ristenpart.

   37th IEEE Symposium on Security and Privacy (SP 2016).

   (Distinguished Student Paper Award)

   Code, Press [1, 2]

Short Papers

1. Leakage models are a leaky abstraction: the case for cycle-level verification of constant-time cryptography

   Anish Athalye, M. Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti.

   1st Workshop on Programming Languages and Computer Architecture (PLARCH 2023).

   Code, Slides [pdf, key]

2. rtlv: push-button verification of software on hardware

   Noah Moroze, Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

   5th Workshop on Computer Architecture Research with RISC-V (CARRV 2021).

   Code [1, 2, 3], Talk, Blog Post

3. Evaluating and Understanding the Robustness of Adversarial Logit Pairing

   Logan Engstrom*, Andrew Ilyas*, and Anish Athalye*.

   NeurIPS 2018 Workshop on Security in Machine Learning (SECML 2018).

   Code, Poster

4. On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses

   Anish Athalye* and Nicholas Carlini*.

   The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2018).

   Code [1, 2], Poster

Manuscripts

1. On Evaluating Adversarial Robustness

   Nicholas Carlini, Anish Athalye, Nicolas Papernot, Wieland Brendel, Jonas Rauber, Dimitris Tsipras, Ian Goodfellow, Aleksander Madry, and Alexey Kurakin.

   Repository

Projects

• introduction to data-centric ai — the first-ever course on DCAI
• missing semester — a course on programmer tools
• neural-style — neural style in tensorflow
• porcupine — a fast linearizability checker
• periscope — organize and de-duplicate files without losing data
• dotbot — a tool to bootstrap dotfiles
• git-remote-dropbox — a transparent bridge between git and dropbox
• seashells — pipe shell output to the web
• … and more